Does Java have buffer overflows and memory leaks?

Hi Ranchers, Since Java is written in C++ (more details on this link), does it mean that Java may have buffer overflows and memory leaks? (Which may explain a Volano security advisory report that some Java VM implementations are vulnerable to a denial-of-service attack.) Any opinions/statements of facts about this? Ex Animo Java! -- Val [ August 28, 2002: Message edited by: Val Pecaoco ]

Memory leaks are not a property of any one language -- not even C++. It is certainly possible to create memory leaks in a running Java program, but it has nothing to do with native code libraries. It has everything to do with careless programming.

Val Pecaoco
Ranch Hand

Joined: Dec 05, 2001
Posts: 156

posted Aug 28, 2002 22:48:00

0

Originally posted by Michael Ernest: It is certainly possible to create memory leaks in a running Java program, but it has nothing to do with native code libraries. It has everything to do with careless programming.

So, it's like, a carelessly-programmed Java virtual machine in C++, for example, may be a potential source of memory leaks?

Originally posted by Michael Ernest: Memory leaks are not a property of any one language -- not even C++. It is certainly possible to create memory leaks in a running Java program, but it has nothing to do with native code libraries. It has everything to do with careless programming.

Michael, My understanding is that Java never creates a memory leak how bad your program could be. If at all if there are any memory leaks they are because oof the faulty implementation of JVM. It is certainly possible to create memory leaks in a running Java program I am just curious here. can you write a single example which creates a memory leak on any JVM. --sridhar

Basically the thing to keep in mind is that Sun's implementatation of Java is really good. There are a few bugs in the standard libraries, but I can count on the fingers of one hand the number of times that Sun's virtual machine has unexpectedly halted running a pure Java application -- and I've been using java since 1.1. Just go to securityfocus.net and look for security bugs in Sun's virtual machine. In response to sridhar: You can maintain references to unused objects and clog the memory -- read: you can create memory leaks. Here's an example of a memory leak that's in Effective Java by Joshua Bloch -- an array based stack. I know it's a good example because I saw with my own eyes a grad student instructor make this exact same stack leak mistake this summer.

Do you see the memory leak? It's in the pop() method. Once I put something into the stack, it won't be garbage collected until the entire stack is. I don't delete the reference from the array -- I just change a pointer. Here's the fix:

It's just important to remember that when an object isn't going to be used ever again, any references to it should either go out of scope at the end of the current code block or be specifically set to null. [ August 29, 2002: Message edited by: David Weitzman ]

Those of us who are C++ programmers can tell you that the example is not a true memory leak in the classic term. Back in the old days we used to write programs that would never free memeory even after they terminated. You'd have to reboot your windows PC to get your memory back. Now that was a memory leak!!!